GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
260 advisories
Filter by severity
Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected...
Moderate
Unreviewed
CVE-2022-45483
was published
Dec 2, 2022
The application fails to prevent users from connecting to it over unencrypted connections. An...
Moderate
Unreviewed
CVE-2021-35246
was published
Nov 23, 2022
Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-43691
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text...
Moderate
Unreviewed
CVE-2021-38828
was published
Nov 14, 2022
"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information...
Moderate
Unreviewed
CVE-2022-38710
was published
Nov 4, 2022
"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in...
Moderate
Unreviewed
CVE-2021-39077
was published
Nov 4, 2022
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ...
Moderate
Unreviewed
CVE-2022-3206
was published
Oct 17, 2022
A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5...
Moderate
Unreviewed
CVE-2022-32227
was published
Sep 25, 2022
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain...
Moderate
Unreviewed
CVE-2022-38846
was published
Sep 17, 2022
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive...
Moderate
Unreviewed
CVE-2022-30312
was published
Sep 8, 2022
Cleartext Transmission of Sensitive Information in moment-timezone
Moderate
GHSA-v78c-4p63-2j6c
was published
for
moment-timezone
(npm)
Aug 30, 2022
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in...
Moderate
Unreviewed
CVE-2022-2338
was published
Aug 18, 2022
In Core Utilities, there is a possible log information disclosure. This could lead to local...
Moderate
Unreviewed
CVE-2022-20243
was published
Aug 12, 2022
Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique...
Moderate
Unreviewed
CVE-2022-34704
was published
Aug 10, 2022
Cleartext transmission of sensitive information vulnerability in authentication management in...
Moderate
Unreviewed
CVE-2022-27619
was published
Aug 4, 2022
The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server...
Moderate
Unreviewed
CVE-2022-28861
was published
Jul 22, 2022
Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-34804
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this...
Moderate
Unreviewed
CVE-2017-20109
was published
Jun 30, 2022
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack...
Moderate
Unreviewed
CVE-2022-1524
was published
Jun 25, 2022
Information Disclosure via Export Module
Moderate
CVE-2022-31046
was published
for
typo3/cms
(Composer)
Jun 17, 2022
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission...
Moderate
Unreviewed
CVE-2022-25805
was published
Jun 10, 2022
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure...
Moderate
Unreviewed
CVE-2022-30115
was published
Jun 3, 2022
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and...
Moderate
Unreviewed
CVE-2022-29733
was published
Jun 3, 2022
This advisory documents the impact of an internally found vulnerability in Arista EOS state...
Moderate
Unreviewed
CVE-2021-28508
was published
May 27, 2022
This advisory documents the impact of an internally found vulnerability in Arista EOS state...
Moderate
Unreviewed
CVE-2021-28509
was published
May 27, 2022
ProTip!
Advisories are also available from the
GraphQL API